Detecting Cloud Runtime Threats with Falco (LFS254)

Course code: LFS254

Learn about Falco and how to install and use it in securing cloud native environments.

Explore Falco’s basics, history, design, and its role in cloud security. Dive into its architecture, threat detection methods, setup, rule customization, and output management.

Course dates

Starting date: Upon request

Type: Self-paced

Course duration: 365 days

Language: en

Price without VAT: 285 EUR



Course description

By the end of this course, you should be able to install and use Falco to secure cloud native applications. You’ll also gain hands-on experience in crafting Falco rules, managing outputs, and configuring Falco to fit your specific needs.

This course includes

  • Online, Self Paced
  • 20 Hours of Course Material
  • Hands-on Labs & Assignments
  • 12 Months of Access to Online Course
  • Digital Badge
  • Discussion forums

Target group

This course is designed for IT professionals, security analysts, DevOps engineers, and anyone looking to expand their knowledge and skills in cloud native runtime security.

Course structure

  • Chapter 1. Course Introduction
  • Chapter 2. Introduction to Falco
  • Chapter 3. Getting Started with Falco
  • Chapter 4. Syscall Data Source (Host Security)
  • Chapter 5. Other Data Sources (Cloud Security)
  • Chapter 6. Conditions and Fields
  • Chapter 7. Falco Rules
  • Chapter 8. Customizing Falco Rules
  • Chapter 9. Outputs and Falcosidekick
  • Chapter 10. Configuring Falco
  • Chapter 11. Writing Falco Rules


In order to complete this course, learners should be familiar with the following:

  • Basic concepts of cloud computing and cloud security.
  • Basic knowledge of Linux and command-line interface.
  • Basic understanding of system calls and their role in operating systems.
  • Familiarity with Kubernetes, including concepts like Pods, Services, and Deployments.

In order to complete this course, learners should have the following:

  • A computer with a modern operating system capable of running Docker and Kubernetes.
  • Access to a Kubernetes cluster for certain exercises (this could be a local minikube, a Docker Desktop, or a cloud-based Kubernetes service).
  • Internet access for downloading necessary resources and tools.

If using a cloud provider like GCP or AWS, you should be able to complete the lab exercises using the free tier or credits provided to you. However, you may incur charges if you exceed the credits initially allocated by the cloud provider, or if the cloud provider’s terms and conditions change.
